SSL workaround
Python < 2.7.9 does not support anonymous SSL server through ssl.wrap_socket, so we have to disable it. Works fine as client. Try to prefer secp256k1 curve (again, requires python >= 2.7.9)
This commit is contained in:
parent
049e226ddc
commit
2fd85bfa69
|
@ -265,8 +265,10 @@ class receiveDataThread(threading.Thread):
|
||||||
self.connectionIsOrWasFullyEstablished = True
|
self.connectionIsOrWasFullyEstablished = True
|
||||||
|
|
||||||
self.sslSock = self.sock
|
self.sslSock = self.sock
|
||||||
if (self.services & shared.NODE_SSL == shared.NODE_SSL):
|
if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))):
|
||||||
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
||||||
|
if hasattr(self.sslSock, "context"):
|
||||||
|
self.sslSock.context.set_ecdh_curve("secp256k1")
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
self.sslSock.do_handshake()
|
self.sslSock.do_handshake()
|
||||||
|
|
|
@ -148,7 +148,8 @@ def encodeHost(host):
|
||||||
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
|
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
|
||||||
payload = ''
|
payload = ''
|
||||||
payload += pack('>L', 3) # protocol version.
|
payload += pack('>L', 3) # protocol version.
|
||||||
payload += pack('>q', NODE_NETWORK|NODE_SSL) # bitflags of the services I offer.
|
payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer.
|
||||||
|
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
|
||||||
payload += pack('>q', int(time.time()))
|
payload += pack('>q', int(time.time()))
|
||||||
|
|
||||||
payload += pack(
|
payload += pack(
|
||||||
|
|
Reference in New Issue
Block a user